eUpdate.exe

Skytouch Technology Co., Limited

The application eUpdate.exe by Skytouch Technology Co., Limited has been detected as adware by 20 anti-malware scanners. It is a setup program used to install the application. The file has been observed being downloaded from file.soft365.com.

Publisher:
Skytouch Technology Co., Limited  (signed and verified)

Version:
10.2.0.2610

MD5:
fcd5c26ed2de78e8737816370b01e248

SHA-1:
8bf1396adf5bb6e5d93e65d61e43af0a524e8db0

SHA-256:
9c03687989d14f6dd1a1ec15baeb165af02bb9fcedba911885734beba158dd5a

Scanner detections:
20 / 68

Status:
Adware

Analysis date:
4/26/2024 5:19:21 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Trojan/Win32.Staser | 2013.10.09 |
| Bitdefender | Trojan.Generic.9539641 | 1.0.20.1650 |
| Bkav FE | HW32.CDB | 1.3.0.4246 |
| Comodo Security | TrojWare.Win32.Trojan.Agent.Gen | 17073 |
| Dr.Web | Adware.Mutabaha.20 | 9.0.1.0239 |
| Emsisoft Anti-Malware | Trojan.Generic.9539641 | 8.13.11.26.02 |
| ESET NOD32 | Win32/ELEX (variant) | 7.8891 |
| F-Secure | Trojan.Generic.9539641 | 11.2013-26-11_3 |
| G Data | Trojan.Generic.9539641 | 13.11.22 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.2.0.127 |
| K7 AntiVirus | Trojan | 13.173.9818 |
| Kaspersky | Trojan.Win32.Staser | 14.0.0.3797 |
| Malwarebytes | Trojan.Staser | v2013.08.27.01 |
| McAfee | Artemis!FCD5C26ED2DE | 5600.7180 |
| MicroWorld eScan | Trojan.Generic.9539641 | 14.0.0.990 |
| Norman | Suspicious_Gen4.EUQAE | 11.20131126 |
| Reason Heuristics | PUP.SkytouchTechnologyCoLimited.H | 14.3.20.14 |
| Trend Micro House Call | TROJ_GEN.R03LH0AHH13 | 7.2.239 |
| Trend Micro | TROJ_GEN.R0CBC0OIP13 | 10.465.26 |
| VIPRE Antivirus | Trojan.Win32.Generic | 22200 |

File size:
532.6 KB (545,400 bytes)

Product version:
10.2.0.2610

Copyright:
Copyright (C) 2013

Original file name:
eUpdate.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\eupdate.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
7/8/2013 1:29:59 AM

Valid to:
7/9/2014 1:29:59 AM

Subject:
CN="Skytouch Technology Co., Limited", O="Skytouch Technology Co., Limited", L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216078022FA91C0EB61326E0E8FDBE9C30

File PE Metadata
Compilation timestamp:
8/16/2013 1:49:45 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:yktZyIrYpRVnwKfoVOffv9fqmFnHFqR4Ee+:hyuYpnwaoUfqmXVEe+

Entry address:
0x1000

Entry point:
68, 01, 30, 48, 00, E8, 01, 00, 00, 00, C3, C3, B0, 3F, EC, 89, 63, D3, 5C, 37, 60, 56, 48, 6E, BE, B2, 67, EE, 50, F7, 64, 80, 1B, 5D, 9D, 61, FC, 6A, 0A, 59, AD, 5B, C8, 32, 0C, E7, AA, 30, 29, B1, 0F, 66, A3, ED, 0C, 16, E8, 28, C6, 2B, 52, 0D, 99, 04, C7, 4E, 0C, 75, 5B, 29, 73, 13, 6F, F7, 66, 54, 6D, 50, 47, 53, 6F, 09, 35, 63, 62, 2C, F1, 18, 4B, D8, D0, 9E, 3F, 6A, A7, F7, 55, 7C, 2C, 0F, FA, B5, 52, 3E, 14, 99, 10, 2C, B7, 85, 48, A7, 31, 94, EB, 3E, 39, C3, A6, 68, 8A, EE, 6D, 08, C9, 80, B3, 60...

Entropy:
7.9728

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
128.5 KB (131,584 bytes)

The file eUpdate.exe has been seen being distributed by the following URL.
